You just need to replace the trusted intercept expression accessattribute and it should work:

您只需要替换受信任的拦截表达式access属性，它应该可以工作：

<sec:intercept-url pattern="/trusted/**" filters="none" />
<sec:intercept-url pattern="/**" access="isFullyAuthenticated()" />

Though since Spring Security 3.1 has deprecated filters, you ought to use httptags to achieve the same effect:

尽管 Spring Security 3.1 已弃用filters，但您应该使用http标签来实现相同的效果：

<http pattern="/trusted/**" security="none"/>

<http auto-config='true'>
  <intercept-url pattern="/**" access="isFullyAuthenticated()" />
  <form-login login-page='/login.jsp'/>
</http>

You can read more about this here.

您可以在此处阅读更多相关信息。

<http>
<intercept-url pattern="/trusted/**" access="ROLE_USER,ROLE_GUEST" />
<intercept-url pattern="/messagePost.htm*" access="ROLE_USER" />
<intercept-url pattern="/messageDelete.htm*" access="ROLE_ADMIN" />
<anonymous username="guest" granted-authority="ROLE_GUEST" />
<remember-me />
</http>

<anonymous username="guest" granted-authority="ROLE_GUEST" />

<anonymous username="guest" granted-authority="ROLE_GUEST" />

You can define a role like ROLE_GUEST and mention like what the above code does. Any anonymous member can access the url pattern under ROLE_GUEST

你可以定义一个像 ROLE_GUEST 这样的角色，并像上面的代码那样提及。任何匿名成员都可以访问ROLE_GUEST下的 url 模式

You configuration is wrong. Now image what's happening, you are telling Spring security to allow anonymous access to everything under /trusted/**which is OK, but then you tell it again to restrict all anonymous access under /**- which is every path in your application, which obviously restricts access to /trusted/**as well.

你配置错了。现在想象一下正在发生的事情，您告诉 Spring security 允许匿名访问所有可以访问的内容/trusted/**，但是然后您再次告诉它限制所有匿名访问/**- 这是应用程序中的每条路径，这显然也限制了访问/trusted/**。

You need to change your configuration into something like this:

您需要将配置更改为如下所示：

<sec:intercept-url pattern="/trusted/**" access="isAnonymous()" />
<sec:intercept-url pattern="/secure/**" access="isFullyAuthenticated()" />

and it will work.

它会起作用。